1. Field of Invention
The invention relates generally to communication between computer systems. In particular, the invention relates to the security of data requests during communication between computer systems involving authentication and verification of such requests.
2. Background
The explosive growth of the World Wide Web (“Web”) has significantly increased the number of organizations using the Internet for business purposes. While businesses initially used the Internet to offer services to end consumers, these businesses are increasingly using the Internet to communicate with other businesses for commercial and similar economically motivated purposes as well. Hence there is a general need for computers in these two disparate business models, i.e. the business-to-consumer and business-to-business models, respectively, to communicate with each other.
Such communication can be classified as a request-response type of communication, in which a request, typically an instruction or similar structured data, is issued to retrieve or process information or content such as a file, and the response to the request is the delivery of that information or content, whether processed or not. Typically, such request-response communication between businesses is required to be secure and authenticated. As an example, when Business A issues a request asking for a file or similar content from Business B, either for itself or to be delivered to an end consumer, Business B has to ensure that the request did originate from Business A and that the request is intact, by authenticating and verifying the request, respectively.
One popular method of enabling communication between disparate systems over the Internet that has emerged recently is the use of the eXtensible Markup Language (XML). This type of “rich” language provides computers and computer systems with a means of requesting and exchanging information. Implementing a communication scheme using XML messages or scripts typically requires the relevant parties to agree on the format and structure of the communication scheme, and to have the appropriate tools to parse and process the XML scripts.
In such a communication scheme, an initial exchange of information such as passwords or keys takes place to generate a session key which is valid for a period of time. The session key is then used to authenticate requests for information. The passwords or keys can be encrypted using Secure Sockets Layer (SSL). In situations where security is critical, the requested information can be encrypted as well. This in turn requires the receiving party to decrypt the requested information.
Such an approach requires the computer systems requesting and receiving the information to be tightly coupled, as both parties must agree on the format and structure of the XML scripts and be able to parse them. This approach involves a number of interactions for a request to be authenticated, and additional steps are required if encryption is involved. Hence this approach is time-consuming due to the number of steps involved. It also places an additional burden on businesses, as separate agreements have to be reached with separate business partners.
However, in many situations, the need for shorter response times and the reality that businesses have multiple business partners require a simpler communication scheme.
There is therefore a need for a communication scheme for enabling communication between computers in a network in which requests for information are authenticated and verified to facilitate efficient and secure information exchange between the computers.